[hobbit] monitoring etc passwd

Ralph Mitchell ralphmitchell at gmail.com
Wed Jul 8 18:20:31 CEST 2009


Only if passwords are actually stored in /etc/passwd.  Linux systems have
been using /etc/shadow to store passwords, along with last change time and
some other things, leaving just the uid, gid, home directory and shell in
/etc/passwd.
Ralph Mitchell


On Wed, Jul 8, 2009 at 5:34 AM, Shaun Phillips <
tainted.soul69 at googlemail.com> wrote:

> If you do monthly root password changes this is going to send your entire
> estate red surely as the MD5 will change?
>
>
> On Wed, Jul 8, 2009 at 9:02 AM, dOCtoR MADneSs <doctor at makelofine.org>wrote:
>
>> rsmrcina at wi.rr.com a écrit :
>>
>> Gavin,
>>>
>>> Use the FILE client check to determine and possibly alert when a file
>>> (/etc/passwd) has been changed.
>>>
>>> ---- Gavin Leonard <gleonard at progrexion.com> wrote:
>>>
>>>> Hi All,
>>>>                I am having a problem where users and groups are being
>>>> created without the knowledge of the admin team and its making it difficult
>>>> to know who had access to what systems if they leave the company... is there
>>>> a way for hobbit to tell me when the /etc/passwd or /etc/group files change?
>>>> Thanks in Advance..
>>>>
>>>> -Gavin
>>>>
>>>>
>>>>
>>>>
>>>
>>> To unsubscribe from the hobbit list, send an e-mail to
>>> hobbit-unsubscribe at hswn.dk
>>>
>>>
>>> Hi,
>>
>> In client-local.cfg :
>> [your_host]
>> file:/etc/passwd
>> in hobbit-clients.cfg :
>> HOST=your_host
>> FILE /etc/passwd red MD5=9780JNLKNoiulknaée2
>>
>> Those settings should do exactly what you need
>>
>>
>> To unsubscribe from the hobbit list, send an e-mail to
>> hobbit-unsubscribe at hswn.dk
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20090708/e3149ea4/attachment.html>


More information about the Xymon mailing list